JBoss EAP 6 CLI – Ninja Management - Red Hat€¦ · Core concepts: Subsystems & Profiles...
Transcript of JBoss EAP 6 CLI – Ninja Management - Red Hat€¦ · Core concepts: Subsystems & Profiles...
JBoss EAP 6 CLI – Ninja
Management
Brian Stansberry Principal Software Engineer, Red Hat06.13.13
Agenda
● Demo, demo, demo!● EAP 6 management basics● Using the CLI with a single Standalone Server● CLI security● Using the CLI with a multi-server Managed Domain● Interactive and non-interactive operation
EAP 6 Management Interfaces
Tools● CLI● Web Console
Management Protocols ● Native (Java)● HTTP/REST● JMX
New in EAP 6 -- Multi-Server Management
● Multi-server management is a core part of JBoss EAP 6 itself
● Manage multiple servers from a single control point● Start/stop servers● Rolling deployment to a set of servers● Roll a config change out to a set of servers● Roll back changes
Choices for How to Manage EAP 6 Instances
● Do you want to take advantage of our multi-server management features?
● Yes: run a Managed Domain● [bin]$ ./domain.sh
● No: run a Standalone Server● [bin]$ ./standalone.sh
Core concepts: Subsystems & Profiles
● Subsystem: a particular set of capabilities that extend the application server core
● Webserver, Transaction Manager, EJB3, CDI, HornetQ, OSGi, JCA, JGroups, Infinispan, etc, are all subsystems
● Profile: a named set of subsystem configurations● A standalone server runs a single profile● A managed domain can have many profiles available,
with different servers running different profiles
Core concept: Management Resources
● Everything manageable is exposed via a tree of addressable resources
● Address is an ordered list of key/value pairs● /profile=default/subsystem=web/connector=http
● Resources expose attributes & operations
● Quite similar to JMX Open MBeans● But, resources are organized in a tree● Atomic multi-step operations supported● Operations across servers supported
CLI – Two Types of Commands
● Low-level: ● provide resource address, operation name & params & you
can invoke any operation on any resource[standalone@localhost:9999 /] /subsystem=web/connector=http:read-attribute(name=request-count)
● High-level: convenience commands for common tasks[standalone@localhost:9999 /] deploy /home/admin/wars/helloworld.war
Demo – CLI Basics with a Standalone Server
● Navigation: ls, cd, pwd
● Convenience: tab completion, history
● Commands:● Low-level: provide resource address, operation name &
params & you can invoke any operation on any resource[standalone@localhost:9999 /] /subsystem=web/connector=http:read-attribute(name=request-count)
● High-level: convenience commands for common tasks[standalone@localhost:9999 /] deploy /home/admin/wars/helloworld.war
● Batch operations: batch, run-batch
● reload, shutdown operations
CLI Security
● Native management interface integrates with an EAP security-realm
<management> <security-realms> <security-realm name="ManagementRealm"> .... <management-interfaces> <native-interface security-realm=”ManagementRealm”>
● Realms support different authentication stores● truststore, properties file, LDAP, JAAS, custom● properties file is the default
● Manipulate via bin/add-user.sh (.bat) helper tool
“Local” Authentication
● Automated challenge-response, transparent to end user
● EAP provides location of a file writable by EAP process● Client proves it can write to that file
● Based on filesystem permissions● Assumption is if client process can write to files owned
by EAP process' account, the client account is valid
● Supported by default, but can be disabled
Demo – CLI Security
● whoami operation
● Disable local authentication, require login
Host 1
Managed Domain Topology
Domain Controller(master Host Controller)
Domain Controller(master Host Controller)
HostController
HostController
HostController
HostController
Server 3Server 3
Host 2Server 1Server 1
Server 2Server 2
Host 3
HostController
HostController
Host 4Server 5Server 5
Server 4Server 4
Server Group A
Server Group B
Demo – Administer a Managed Domain
● Administer a 3 “host”, 2 server domain
● Navigate the domain
● Add a server group
● Add 2 new servers
Rollout Plans
● Control how changes get applied to multiple servers in your domain
● Concurrency● Apply to all server groups concurrently or in series● Apply to all servers in a group concurrently or in series
● Failure tolerance● Failure on > x servers or > y% of servers in a group
triggers rollback (in that group or in all groups)
Demo – Rolling Changes Out to a Domain
● Roll a deployment out to the domain
● Save a rollout plan for re-use
● Use the saved rollout plan with an undeploy operation
Demo – Running the CLI from a Script
● Run a script that shuts down a given list of hosts
Q&A